Hello Community!
Could you please check if the following IP is blocked: 185.44.205.3
All the certificates are expired and I'm having some troubles renewing them as in the past.
root@xxxx:~# curl -4 -vvv https://acme-v02.api.letsencrypt.org/directory
Trying 172.65.32.248:443...
TCP_NODELAY set
DNS resolution seems to be working fine. On my firewall I see the exit but I don't see incoming traffic.
Thanks in advance!
All the best,
Lazar
rg305
August 16, 2022, 6:26pm
Can you connect to other sites?
Like: curl -4 https://google.com/
We are not blocking this IP address.
root@xxxx:~# curl -4 https://google.com/
301 Moved
301 Moved
The document has moved
here .
Thanks for the check. Then I have to find another solution for this.
rg305
August 17, 2022, 3:15pm
That's good.
Please show the output of:
netstat -nr
root@xxxx:~# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         172.28.10.92    0.0.0.0         UG        0 0          0 ens160
172.28.10.0     0.0.0.0         255.255.255.0   U         0 0          0 ens160
To be honest, this is quite tricky. I just can't manage to find the problem.
This is the traffic - I see outgoing but nothing blocks on the firewall, there is nothing on implicit deny
rg305
August 18, 2022, 5:42pm
Was that the entire output of netstat -nr?
Yes, it's the entire output.
I've found the problem yesterday in an evening troubleshooting session.
You see, we have two uplinks from our network. The backup uplink is not configured right and if packets arrive from that endpoint, then they are not properly routed.
The HTTP challenge is initiated over our primary uplink so until we fix our uplinks there is nothing I can do about the renewal of the certificate.
But many thanks for the help and the quick answers!
Cheers!